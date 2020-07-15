Attackers exploiting unpatched F5 BIG-IP devices

By on
Attackers exploiting unpatched F5 BIG-IP devices

Crypto miners and webshells dropped.

A critical vulnerability in F5 data centre and enterprise network products that was revealed on July 1 this year is being actively exploited remotely, security researchers have observed.

Security vendor NCCGroup's Research and Intelligence Fusion Team (RIFT) has monitored the exploits since July 3 when it saw the first attacks, 

Threat actors are dropping Monero crypto-currency miner malware, webshells that can be used as remote attack platforms, and other more complex payloads.

If administrators were slow to patch, it is likely that their devices have already been hacked.

A patch against the vulnerability is available but NCCGroup advised that F5 customers that patched after July 4 US time should "assume compromise and conduct a forensic examination of the server."

The same goes for sites that applied mitigations after July 4 US time; these should check for signs of exploitation before log files are rotated and the data in them is overwritten.

The flaw lies in the Traffic Management User Interface configuration utility which does not properly implement access controls.

Just days after security vendor Positive Technologies discovered the flaw, a simple, one-line exploit for it was made public and did the rounds on social media.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
bigip f5 monero nccgroup networking security

Most Read Articles

Telstra to have Australian agents answer all inbound calls from 2022

Telstra to have Australian agents answer all inbound calls from 2022
Woolworths identifies stores with stock in chats initiated from Google Search, Maps

Woolworths identifies stores with stock in chats initiated from Google Search, Maps
ATO to integrate new digital services API gateway

ATO to integrate new digital services API gateway
NBN Co to cut 800 staff by end of 2020

NBN Co to cut 800 staff by end of 2020
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Get IT, finance and business on the same page
Get IT, finance and business on the same page
Why is DevSecOps important to your business?
Why is DevSecOps important to your business?
Architecting Hybrid IT & Edge for Digital Advantage
Architecting Hybrid IT & Edge for Digital Advantage
Organizations Increasing Their Adoption of NFV
Organizations Increasing Their Adoption of NFV
Modernise IT by Reducing Your Reliance on AD
Modernise IT by Reducing Your Reliance on AD

Events

Log In

Username / Email:
Password:
  |  Forgot your password?